printer friendly version

Choosing the right biometric technology in the new normal

Nowadays, positively identifying an individual requires more than a badge or a PIN. Biometrics, widely acknowledged as the most accurate form of identification, is increasingly incorporated into the security protocols across industries. We explore the various biometric modalities available and review how the market has been impacted by the current pandemic. Furthermore, we share recommendations for successful biometric deployments in this very special context.

When what you have and what you know … are not enough

Multi-factor authentication is very famous in the security industry. It consists of increasing the security level by requiring something you have (a token such as a badge or a card), something you know (a PIN code or password) and/or something you are (your physical attributes like biometrics).

Tokens and PIN codes can be stolen, shared or broken. This is not the case with biometrics. Biometrics are the only means of authentication today which can ensure that, for instance, the person passing through a gate is a genuine employee with actual access rights. Coupled with the right biometric access control technology, all business rules and regulations can be enforced specifically for the person trying to gain access, and depending on the use case: compliance for mining, health check, sobriety check, etc.

Long gone is the time when biometrics were reserved for government agencies. Today, it can benefit everybody, from companies to gated communities.

Which biometrics?

Biometric data are extracted from a human body part (a face, a finger or an iris) through the isolation of multiple reference points converted via an algorithm into a digital record (‘template’). This template is stored in the biometric device or on a server, and used as the reference for comparison with data extracted by the device each time an individual requests access. Once the two data sets match, the individual gains access.

So, how do we select the appropriate biometrics to meet our needs?

Adoption/acceptance: The chosen type of biometric modality (facial, iris, fingerprints) depends on the use case’s security requirements and preferences, but can also be influenced by cultural habits, beliefs, or others.

Accuracy: With biometrics, trust is paramount. Users must trust and be confident that the system can positively identify them every time, all the time. It must be true whether one person or 10 000 people use the system, but it must also be true if using the system for verification (1:1) or for identification (1:n). The difference between verification and identification is simple but the complexity is exponential.

Verification happens when someone presents a token (card or badge) which is associated to a biometric template. In this case, the system will test the biometric data presented against the biometric template linked to the token number. With identification, no token is involved. The algorithm must determine if the person in front of the reader is indeed allowed or not. Identification is much more complicated and requires some specific expertise.

Anti-spoofing: Biometric equipment installed to provide a high level of access security must not be easily manipulated. It must therefore use efficient anti-spoofing hardware and software mechanisms, like false finger detection for a fingerprint reader and 3D/infrared cameras and image processing for facial recognition devices.

Algorithms: Together with hardware components like the sensor for a fingerprint device or cameras for facial recognition, algorithms provide the processing power and speed. We recommend selecting products from vendors that develop their own algorithms and that rank high in the very stringent NIS^[1] evaluations.

Speed: High-speed processing is key for efficient operations, from an office building to a residential estate. The appropriate systems must offer throughput of at least 30 users per minute per device to provide fluidity and avoid queues. It is paramount when a large number of people need to get access or leave a site as quickly as possible (whether it be a 1000-person shift or resident(s) entering a community by car).

End-user convenience: This is key for user adoption. If users have trouble using a system or struggle to be identified first time, they will resist its use. This also includes changing conditions throughout the day. When a system functions identically with various light conditions, it saves much frustration for users.

Enrolment: This is a key process whereby user biometric features are first captured for subsequent authentications. This needs to be secure and frictionless.

Deployment: The bulk of the cost of deployment usually comes from integration with your existing PACS (physical access control systems) and doors, turnstiles, speed gates, etc. Therefore, to reduce deployment hazards leading to increased project complexity and costs, it is advisable to select vendors integrated with mainstream PACS and hardware providers and with a proven record of successful implementation.

OPEX: As with other systems, the TCO (total cost of ownership) and ROI (return on investment) have to be considered rather than the initial capital investment only. The TCO is impacted by criteria such as quality and reliability. Selecting vendors with field-proven experience and a strong support, maintenance and repair network is paramount for efficient support when needed.

Biometrics and the #newnormal

With concerns surrounding contamination from surfaces, contactless biometrics have gained traction in the #newnormal.

Facial recognition is a natural alternative that comes to mind, but the emergence of facial mask requirements, which cover part of the nose and the entire mouth and chin areas, poses a new challenge for facial recognition devices. Technology companies are currently re-training algorithms to take this new constraint into account and improve performances.

Iris capture devices that by definition only scan the users’ irises are not impacted by this constraint, but they have other drawbacks in terms of speed and throughput capabilities, as well as a less favourable user perception, that limits them to specific use cases (for instance surgery rooms or laboratories).

Contactless fingerprint capture devices are a very efficient alternative. There are various options on the market, with the IDEMIA MorphoWave Compact being one. 3D images of four fingerprints are captured in a quick and fully touchless hand movement above the sensor. This innovative technology is already widespread, as it can provide high throughput, is very accurate and enables immediate user adoption. It is currently the preferred solution for real estate complexes in South Africa.

With COVID-19, we experienced a notable demand increase for contactless biometric readers like MorphoWave that scans and verifies four fingerprints in less than a second through a fully touchless hand movement, and VisionPass, the 2020 SIA Award-winning facial recognition device, designed with clients and users and that features a 2D+3D+infrared camera set and advanced anti-spoofing mechanisms.

^[1]National Institute of Standards and Technology https://www.nist.gov/

Share this article:

Further reading: